openmotif21-2.1.30-11.RHEL4.4.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
6. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
Red Hat Security Advisory
Synopsis: Moderate: tcpdump security update
Advisory ID: RHSA-2005:417-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-417.html
Issue date: 2005-05-11
Updated on: 2005-05-11
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-1278 CAN-2005-1279 CAN-2005-1280
1. Summary:
Updated tcpdump packages that fix several security issues are now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
This updated package also adds support for output files larger than 2 GB.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
Tcpdump is a command-line tool for monitoring network traffic.
Several denial of service bugs were found in the way tcpdump processes
certain network packets. It is possible for an attacker to inject a
carefully crafted packet onto the network, crashing a running tcpdump
session. The Common Vulnerabilities and Exposures project (cve.mitre.org/)
has assigned the names CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280 to
these issues.
The tcpdump utility can now write a file larger than 2 GB.
Users of tcpdump are advised to upgrade to these erratum packages, which
contain backported security patches and are not vulnerable to these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/tcpdump-3.8.2-9.RHEL4.src.rpm
5607e37bf75aaeddd33f7d233dd2ad17 tcpdump-3.8.2-9.RHEL4.src.rpm
i386:
bcfb4c02e3dbd05c9511f83ffb40c8e3 arpwatch-2.1a13-9.RHEL4.i386.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
f082d8a0b865dbbddb562135a75da872 tcpdump-3.8.2-9.RHEL4.i386.rpm
ia64:
c946c22b1dd85ebdd683ba32a0b90c81 arpwatch-2.1a13-9.RHEL4.ia64.rpm
077d5e776765be59d99622d68e2cf961 libpcap-0.8.3-9.RHEL4.ia64.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
79a99b5c9945b2bcdd15c25f18868a3f tcpdump-3.8.2-9.RHEL4.ia64.rpm
ppc:
75881a67766b2b6691d5226e171fdc10 arpwatch-2.1a13-9.RHEL4.ppc.rpm
b4a41e93577c6f82f149431977ef61e5 libpcap-0.8.3-9.RHEL4.ppc.rpm
a14f89e586397f85008157fa19878911 libpcap-0.8.3-9.RHEL4.ppc64.rpm
9420bb4d746827512ee887401312440a tcpdump-3.8.2-9.RHEL4.ppc.rpm
s390:
7ea94c620e5af6e475b4b27f26e470f2 arpwatch-2.1a13-9.RHEL4.s390.rpm
1976770e47c521297f649f1b42e49898 libpcap-0.8.3-9.RHEL4.s390.rpm
e7da5aebbed8819f14b5879e11c2be6e tcpdump-3.8.2-9.RHEL4.s390.rpm
s390x:
7cfc13ab028787fa75ad5e8247d1880c arpwatch-2.1a13-9.RHEL4.s390x.rpm
4a86ff37bfc19be6081f382660a92cdc libpcap-0.8.3-9.RHEL4.s390x.rpm
1976770e47c521297f649f1b42e49898 libpcap-0.8.3-9.RHEL4.s390.rpm
13d794d2c859d3ea562487b88e216f1a tcpdump-3.8.2-9.RHEL4.s390x.rpm
x86_64:
3e4d6ad57987ee2e4a720aa5b918b2bc arpwatch-2.1a13-9.RHEL4.x86_64.rpm
40625ce1034b70ad65e98b7e848da5b1 libpcap-0.8.3-9.RHEL4.x86_64.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
ffa76b9f0547a5b0390b8cc8b4acd84e tcpdump-3.8.2-9.RHEL4.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/tcpdump-3.8.2-9.RHEL4.src.rpm
5607e37bf75aaeddd33f7d233dd2ad17 tcpdump-3.8.2-9.RHEL4.src.rpm
i386:
bcfb4c02e3dbd05c9511f83ffb40c8e3 arpwatch-2.1a13-9.RHEL4.i386.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
f082d8a0b865dbbddb562135a75da872 tcpdump-3.8.2-9.RHEL4.i386.rpm
x86_64:
3e4d6ad57987ee2e4a720aa5b918b2bc arpwatch-2.1a13-9.RHEL4.x86_64.rpm
40625ce1034b70ad65e98b7e848da5b1 libpcap-0.8.3-9.RHEL4.x86_64.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
ffa76b9f0547a5b0390b8cc8b4acd84e tcpdump-3.8.2-9.RHEL4.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/tcpdump-3.8.2-9.RHEL4.src.rpm
5607e37bf75aaeddd33f7d233dd2ad17 tcpdump-3.8.2-9.RHEL4.src.rpm
i386:
bcfb4c02e3dbd05c9511f83ffb40c8e3 arpwatch-2.1a13-9.RHEL4.i386.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
f082d8a0b865dbbddb562135a75da872 tcpdump-3.8.2-9.RHEL4.i386.rpm
ia64:
c946c22b1dd85ebdd683ba32a0b90c81 arpwatch-2.1a13-9.RHEL4.ia64.rpm
077d5e776765be59d99622d68e2cf961 libpcap-0.8.3-9.RHEL4.ia64.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
79a99b5c9945b2bcdd15c25f18868a3f tcpdump-3.8.2-9.RHEL4.ia64.rpm
x86_64:
3e4d6ad57987ee2e4a720aa5b918b2bc arpwatch-2.1a13-9.RHEL4.x86_64.rpm
40625ce1034b70ad65e98b7e848da5b1 libpcap-0.8.3-9.RHEL4.x86_64.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
ffa76b9f0547a5b0390b8cc8b4acd84e tcpdump-3.8.2-9.RHEL4.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/tcpdump-3.8.2-9.RHEL4.src.rpm
5607e37bf75aaeddd33f7d233dd2ad17 tcpdump-3.8.2-9.RHEL4.src.rpm
i386:
bcfb4c02e3dbd05c9511f83ffb40c8e3 arpwatch-2.1a13-9.RHEL4.i386.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
f082d8a0b865dbbddb562135a75da872 tcpdump-3.8.2-9.RHEL4.i386.rpm
ia64:
c946c22b1dd85ebdd683ba32a0b90c81 arpwatch-2.1a13-9.RHEL4.ia64.rpm
077d5e776765be59d99622d68e2cf961 libpcap-0.8.3-9.RHEL4.ia64.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
79a99b5c9945b2bcdd15c25f18868a3f tcpdump-3.8.2-9.RHEL4.ia64.rpm
x86_64:
3e4d6ad57987ee2e4a720aa5b918b2bc arpwatch-2.1a13-9.RHEL4.x86_64.rpm
40625ce1034b70ad65e98b7e848da5b1 libpcap-0.8.3-9.RHEL4.x86_64.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
ffa76b9f0547a5b0390b8cc8b4acd84e tcpdump-3.8.2-9.RHEL4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
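An added example (not part of the Red Hat or Mandriva advisories): a Python script that checks manually downloaded RPMs against the "<md5> <file>" lists printed in advisories like these. It goes beyond this advisory by also accepting the path-prefixed file names used in the Mandriva lists. The file names and contents in demo() are constructed, and the function names are this example's own.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One manifest line as printed in the advisories: "<32 hex md5> <path or name>.rpm"
MANIFEST_LINE = re.compile(r"^([0-9a-fA-F]{32})\s+(\S+\.rpm)$")


def parse_manifest(advisory_text):
    """Return {rpm file name: md5 hex} from advisory text.

    Headings, URLs and prose are skipped. The same RPM is normally listed once
    per product; a repeat with a different checksum means the advisory text is
    damaged, so it is rejected instead of silently picking one value.
    """
    manifest = {}
    for raw in advisory_text.splitlines():
        match = MANIFEST_LINE.match(raw.strip())
        if not match:
            continue
        digest = match.group(1).lower()
        name = match.group(2).rsplit("/", 1)[-1]  # drop any directory prefix
        if manifest.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting checksums listed for {name}")
    return manifest


def md5_of(path, chunk_size=1 << 20):
    """MD5 of a file, read in chunks so large RPMs are not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_downloads(directory, manifest):
    """Classify each *.rpm in directory as 'ok', 'mismatch' or 'unlisted'."""
    results = {}
    for path in sorted(Path(directory).glob("*.rpm")):
        expected = manifest.get(path.name)
        if expected is None:
            results[path.name] = "unlisted"   # not named in the advisory at all
        elif md5_of(path) == expected:
            results[path.name] = "ok"
        else:
            results[path.name] = "mismatch"   # corrupted or altered download
    return results


def demo():
    """Constructed sample: three downloads checked against a made-up advisory."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        good, bad = b"constructed package A", b"constructed package B"
        (tmp / "example-1.0-1.i386.rpm").write_bytes(good)
        (tmp / "example-tools-1.0-1.i386.rpm").write_bytes(bad + b" (truncated)")
        (tmp / "unrelated-2.0-1.i386.rpm").write_bytes(b"other")
        advisory = "\n".join([
            "5. RPMs required:",
            "i386:",
            f"{hashlib.md5(good).hexdigest()} example-1.0-1.i386.rpm",
            f"{hashlib.md5(bad).hexdigest()} 10.1/RPMS/example-tools-1.0-1.i386.rpm",
            f"{hashlib.md5(good).hexdigest()} example-1.0-1.i386.rpm",  # repeat
        ])
        return verify_downloads(tmp, parse_manifest(advisory))


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

A matching MD5 only shows that the download is intact; the GPG signature the advisory refers to is what authenticates the package, so check it as well (for example with `rpm --checksig`).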
6. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1280
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
Red Hat Security Advisory
Synopsis: Moderate: tcpdump security update
Advisory ID: RHSA-2005:421-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-421.html
Issue date: 2005-05-11
Updated on: 2005-05-11
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-1278 CAN-2005-1279 CAN-2005-1280
1. Summary:
Updated tcpdump packages that fix several security issues are now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
These updated packages also add support for output files larger than 2 GB,
add support for some new VLAN IDs, and fix message parsing on 64-bit
architectures.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
Tcpdump is a command-line tool for monitoring network traffic.
Several denial of service bugs were found in the way tcpdump processes
certain network packets. It is possible for an attacker to inject a
carefully crafted packet onto the network, crashing a running tcpdump
session. The Common Vulnerabilities and Exposures project (cve.mitre.org/)
has assigned the names CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280 to
these issues.
Additionally, the tcpdump utility can now write a file larger than 2 GB,
parse some new VLAN IDs, and parse messages on 64-bit architectures.
Users of tcpdump are advised to upgrade to these erratum packages, which
contain backported security patches and are not vulnerable to these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/tcpdump-3.7.2-7.E3.5.src.rpm
0897eea910400bb6459e95fc0251f058 tcpdump-3.7.2-7.E3.5.src.rpm
i386:
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
e7e937cc53ff8f4e9a2d089425f3a061 tcpdump-3.7.2-7.E3.5.i386.rpm
ia64:
b6103f68b3992ddf6bc0fe747f81cbbe libpcap-0.7.2-7.E3.5.ia64.rpm
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
c09ea94decbff9547a93fd5b0565ed29 tcpdump-3.7.2-7.E3.5.ia64.rpm
ppc:
2758662cc702f6a4410a60d1601a153a libpcap-0.7.2-7.E3.5.ppc.rpm
7a568efb8187cfc7c6b559161cf9e18c libpcap-0.7.2-7.E3.5.ppc64.rpm
07c067ffd17e53819cefd8456e7a7509 tcpdump-3.7.2-7.E3.5.ppc.rpm
s390:
e3ef1f0253d92389bdd051cba0ddaae9 libpcap-0.7.2-7.E3.5.s390.rpm
37a66b594884b745c7bada003825aef9 tcpdump-3.7.2-7.E3.5.s390.rpm
s390x:
69a4d6ad073863c16b4b5ca0a083fbfc libpcap-0.7.2-7.E3.5.s390x.rpm
e3ef1f0253d92389bdd051cba0ddaae9 libpcap-0.7.2-7.E3.5.s390.rpm
368c077fe312d95ce20e350fd5a6704d tcpdump-3.7.2-7.E3.5.s390x.rpm
x86_64:
157bceaebd99a87bd8dc797d1d509f33 libpcap-0.7.2-7.E3.5.x86_64.rpm
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
9bda0e806e916b7dab298317097a3325 tcpdump-3.7.2-7.E3.5.x86_64.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/tcpdump-3.7.2-7.E3.5.src.rpm
0897eea910400bb6459e95fc0251f058 tcpdump-3.7.2-7.E3.5.src.rpm
i386:
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
e7e937cc53ff8f4e9a2d089425f3a061 tcpdump-3.7.2-7.E3.5.i386.rpm
x86_64:
157bceaebd99a87bd8dc797d1d509f33 libpcap-0.7.2-7.E3.5.x86_64.rpm
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
9bda0e806e916b7dab298317097a3325 tcpdump-3.7.2-7.E3.5.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/tcpdump-3.7.2-7.E3.5.src.rpm
0897eea910400bb6459e95fc0251f058 tcpdump-3.7.2-7.E3.5.src.rpm
i386:
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
e7e937cc53ff8f4e9a2d089425f3a061 tcpdump-3.7.2-7.E3.5.i386.rpm
ia64:
b6103f68b3992ddf6bc0fe747f81cbbe libpcap-0.7.2-7.E3.5.ia64.rpm
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
c09ea94decbff9547a93fd5b0565ed29 tcpdump-3.7.2-7.E3.5.ia64.rpm
x86_64:
157bceaebd99a87bd8dc797d1d509f33 libpcap-0.7.2-7.E3.5.x86_64.rpm
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
9bda0e806e916b7dab298317097a3325 tcpdump-3.7.2-7.E3.5.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/tcpdump-3.7.2-7.E3.5.src.rpm
0897eea910400bb6459e95fc0251f058 tcpdump-3.7.2-7.E3.5.src.rpm
i386:
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
e7e937cc53ff8f4e9a2d089425f3a061 tcpdump-3.7.2-7.E3.5.i386.rpm
ia64:
b6103f68b3992ddf6bc0fe747f81cbbe libpcap-0.7.2-7.E3.5.ia64.rpm
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
c09ea94decbff9547a93fd5b0565ed29 tcpdump-3.7.2-7.E3.5.ia64.rpm
x86_64:
9bda0e806e916b7dab298317097a3325 tcpdump-3.7.2-7.E3.5.x86_64.rpm
157bceaebd99a87bd8dc797d1d509f33 libpcap-0.7.2-7.E3.5.x86_64.rpm
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
6. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1280
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
Red Hat Security Advisory
Synopsis: Critical: gaim security update
Advisory ID: RHSA-2005:429-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-429.html
Issue date: 2005-05-11
Updated on: 2005-05-11
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-1261 CAN-2005-1262
1. Summary:
An updated gaim package that fixes two security issues is now available.
This update has been rated as having critical security impact by the Red Hat
Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
The Gaim application is a multi-protocol instant messaging client.
A stack based buffer overflow bug was found in the way gaim processes a
message containing a URL. A remote attacker could send a carefully crafted
message resulting in the execution of arbitrary code on a victim's machine.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has
assigned the name CAN-2005-1261 to this issue.
A bug was found in the way gaim handles malformed MSN messages. A remote
attacker could send a carefully crafted MSN message causing gaim to crash.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has
assigned the name CAN-2005-1262 to this issue.
Users of Gaim are advised to upgrade to this updated package which contains
backported patches and is not vulnerable to these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gaim-1.2.1-6.el3.src.rpm
bc81df1e2393d51d607dbdd5ebcd6254 gaim-1.2.1-6.el3.src.rpm
i386:
83ef867ebf9618418bbde568a3599830 gaim-1.2.1-6.el3.i386.rpm
ia64:
4a93e8e28ddfc147277773480c90a706 gaim-1.2.1-6.el3.ia64.rpm
ppc:
742c7971f07ba2a83af5023ac4283f02 gaim-1.2.1-6.el3.ppc.rpm
s390:
987db3f09037b9f8deeaaafd51fe76c3 gaim-1.2.1-6.el3.s390.rpm
s390x:
16d7c8d5fe4dd0f99f1bd6418f3e03c7 gaim-1.2.1-6.el3.s390x.rpm
x86_64:
76c553295cbee1bb7f5369cf54e1115b gaim-1.2.1-6.el3.x86_64.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gaim-1.2.1-6.el3.src.rpm
bc81df1e2393d51d607dbdd5ebcd6254 gaim-1.2.1-6.el3.src.rpm
i386:
83ef867ebf9618418bbde568a3599830 gaim-1.2.1-6.el3.i386.rpm
x86_64:
76c553295cbee1bb7f5369cf54e1115b gaim-1.2.1-6.el3.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gaim-1.2.1-6.el3.src.rpm
bc81df1e2393d51d607dbdd5ebcd6254 gaim-1.2.1-6.el3.src.rpm
i386:
83ef867ebf9618418bbde568a3599830 gaim-1.2.1-6.el3.i386.rpm
ia64:
4a93e8e28ddfc147277773480c90a706 gaim-1.2.1-6.el3.ia64.rpm
x86_64:
76c553295cbee1bb7f5369cf54e1115b gaim-1.2.1-6.el3.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gaim-1.2.1-6.el3.src.rpm
bc81df1e2393d51d607dbdd5ebcd6254 gaim-1.2.1-6.el3.src.rpm
i386:
83ef867ebf9618418bbde568a3599830 gaim-1.2.1-6.el3.i386.rpm
ia64:
4a93e8e28ddfc147277773480c90a706 gaim-1.2.1-6.el3.ia64.rpm
x86_64:
76c553295cbee1bb7f5369cf54e1115b gaim-1.2.1-6.el3.x86_64.rpm
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gaim-1.2.1-6.el4.src.rpm
8bcd80b9e9aad765a1596378c4d08626 gaim-1.2.1-6.el4.src.rpm
i386:
136094a6e2717de5ac02826cd91d493c gaim-1.2.1-6.el4.i386.rpm
ia64:
84e2bde6e30fb3da72651f3a3b3a1a91 gaim-1.2.1-6.el4.ia64.rpm
ppc:
f596381eb4b924a8b43df623ac2011ae gaim-1.2.1-6.el4.ppc.rpm
s390:
c72eb22cda05c6f23caabc458a6b3132 gaim-1.2.1-6.el4.s390.rpm
s390x:
6a64c4e6cd546fd98d2ee0f44c04f6bb gaim-1.2.1-6.el4.s390x.rpm
x86_64:
d835d342a18973c499c3444a46db9cba gaim-1.2.1-6.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gaim-1.2.1-6.el4.src.rpm
8bcd80b9e9aad765a1596378c4d08626 gaim-1.2.1-6.el4.src.rpm
i386:
136094a6e2717de5ac02826cd91d493c gaim-1.2.1-6.el4.i386.rpm
x86_64:
d835d342a18973c499c3444a46db9cba gaim-1.2.1-6.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gaim-1.2.1-6.el4.src.rpm
8bcd80b9e9aad765a1596378c4d08626 gaim-1.2.1-6.el4.src.rpm
i386:
136094a6e2717de5ac02826cd91d493c gaim-1.2.1-6.el4.i386.rpm
ia64:
84e2bde6e30fb3da72651f3a3b3a1a91 gaim-1.2.1-6.el4.ia64.rpm
x86_64:
d835d342a18973c499c3444a46db9cba gaim-1.2.1-6.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gaim-1.2.1-6.el4.src.rpm
8bcd80b9e9aad765a1596378c4d08626 gaim-1.2.1-6.el4.src.rpm
i386:
136094a6e2717de5ac02826cd91d493c gaim-1.2.1-6.el4.i386.rpm
ia64:
84e2bde6e30fb3da72651f3a3b3a1a91 gaim-1.2.1-6.el4.ia64.rpm
x86_64:
d835d342a18973c499c3444a46db9cba gaim-1.2.1-6.el4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
6. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1262
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
Red Hat Security Advisory
Synopsis: Critical: gaim security update
Advisory ID: RHSA-2005:432-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-432.html
Issue date: 2005-05-11
Updated on: 2005-05-11
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0472 CAN-2005-1261
1. Summary:
An updated gaim package that fixes security issues is now available for Red
Hat Enterprise Linux 2.1.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
3. Problem description:
The Gaim application is a multi-protocol instant messaging client.
A stack based buffer overflow bug was found in the way gaim processes a
message containing a URL. A remote attacker could send a carefully crafted
message resulting in the execution of arbitrary code on a victim's machine.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has
assigned the name CAN-2005-1261 to this issue.
A bug in the way Gaim processes SNAC packets was discovered. It is possible
that a remote attacker could send a specially crafted SNAC packet to a Gaim
client, causing the client to stop responding. The Common Vulnerabilities
and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0472
to this issue.
Users of Gaim are advised to upgrade to this updated package which contains
gaim version 0.59.9 with backported patches to correct these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/gaim-0.59.9-4.el2.src.rpm
f01435d610c70ca301e25da9790e73a1 gaim-0.59.9-4.el2.src.rpm
i386:
dd0961f496e0be18e79c1893e5b061f4 gaim-0.59.9-4.el2.i386.rpm
ia64:
5f32a394431f368a7c9e049f4ebb7494 gaim-0.59.9-4.el2.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/gaim-0.59.9-4.el2.src.rpm
f01435d610c70ca301e25da9790e73a1 gaim-0.59.9-4.el2.src.rpm
ia64:
5f32a394431f368a7c9e049f4ebb7494 gaim-0.59.9-4.el2.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/gaim-0.59.9-4.el2.src.rpm
f01435d610c70ca301e25da9790e73a1 gaim-0.59.9-4.el2.src.rpm
i386:
dd0961f496e0be18e79c1893e5b061f4 gaim-0.59.9-4.el2.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/gaim-0.59.9-4.el2.src.rpm
f01435d610c70ca301e25da9790e73a1 gaim-0.59.9-4.el2.src.rpm
i386:
dd0961f496e0be18e79c1893e5b061f4 gaim-0.59.9-4.el2.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
6. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1261
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
Mandriva Linux
Mandriva Linux Security Update Advisory
Package name: ethereal
Advisory ID: MDKSA-2005:083
Date: May 10th, 2005
Affected versions: 10.1, 10.2
Problem Description:
A number of vulnerabilities were discovered in previous versions of
Ethereal that have been fixed in the 0.10.11 release, including:
- The ANSI A and DHCP dissectors are vulnerable to format string
vulnerabilities.
- The DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS, OCSP,
PKIX1Explicit, PKIX Qualified, X.509, Q.931, MEGACO, NCP, ISUP, TCAP
and Presentation dissectors are vulnerable to buffer overflows.
- The KINK, WSP, SMB Mailslot, H.245, MGCP, Q.931, RPC, GSM and SMB
NETLOGON dissectors are vulnerable to pointer handling errors.
- The LMP, KINK, MGCP, RSVP, SRVLOC, EIGRP, MEGACO, DLSw, NCP and
L2TP dissectors are vulnerable to looping problems.
- The Telnet and DHCP dissectors could abort.
- The TZSP, Bittorrent, SMB, MGCP and ISUP dissectors could cause a
segmentation fault.
- The WSP, 802.3 Slow protocols, BER, SMB Mailslot, SMB, NDPS, IAX2,
RADIUS, SMB PIPE, MRDISC and TCAP dissectors could throw assertions.
- The DICOM, NDPS and ICEP dissectors are vulnerable to memory
handling errors.
- The GSM MAP, AIM, Fibre Channel, SRVLOC, NDPS, LDAP and NTLMSSP
dissectors could terminate abnormally.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1470
http://www.ethereal.com/appnotes/enpa-sa-00019.html
Updated Packages:
Mandrakelinux 10.1:
ae2866749c7a3ceebbd6550ef5a29154 10.1/RPMS/ethereal-0.10.11-0.1.101mdk.i586.rpm
7a27b1b13fd7b9232f078f3c803863c8 10.1/RPMS/ethereal-tools-0.10.11-0.1.101mdk.i586.rpm
b32725663f41c817169c650c04dff15e 10.1/RPMS/libethereal0-0.10.11-0.1.101mdk.i586.rpm
f995c192659c93c5a77d12ff0dfb74e3 10.1/RPMS/tethereal-0.10.11-0.1.101mdk.i586.rpm
0d2e9e9478b964b9de67e10dab5996d7 10.1/SRPMS/ethereal-0.10.11-0.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
a6fdb42381866c6c2df04732a0e2e2f0 x86_64/10.1/RPMS/ethereal-0.10.11-0.1.101mdk.x86_64.rpm
285be2e4fff2cec54772d08daf994c0f x86_64/10.1/RPMS/ethereal-tools-0.10.11-0.1.101mdk.x86_64.rpm
a672830433d1bd9c044d081116311406 x86_64/10.1/RPMS/lib64ethereal0-0.10.11-0.1.101mdk.x86_64.rpm
da5bb65a0ac86ad8510c9c82c6c3c798 x86_64/10.1/RPMS/tethereal-0.10.11-0.1.101mdk.x86_64.rpm
0d2e9e9478b964b9de67e10dab5996d7 x86_64/10.1/SRPMS/ethereal-0.10.11-0.1.101mdk.src.rpm
Mandrakelinux 10.2:
f6d236307d9366150aa2cf900b77ad4b 10.2/RPMS/ethereal-0.10.11-0.1.102mdk.i586.rpm
e146cf60690d907aaeb569f59cde8e37 10.2/RPMS/ethereal-tools-0.10.11-0.1.102mdk.i586.rpm
a6ee5615d66e5b33ffe05270069fa921 10.2/RPMS/libethereal0-0.10.11-0.1.102mdk.i586.rpm
fa4398c9e4947faff78750b289ee922c 10.2/RPMS/tethereal-0.10.11-0.1.102mdk.i586.rpm
0b13985c69b63df65775240b8991c07e 10.2/SRPMS/ethereal-0.10.11-0.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
7c9dc07574f92df6e3920da6c1320cfb x86_64/10.2/RPMS/ethereal-0.10.11-0.1.102mdk.x86_64.rpm
5684d61528aa353ee5ce58d8c99317f9 x86_64/10.2/RPMS/ethereal-tools-0.10.11-0.1.102mdk.x86_64.rpm
ce979043e16801b2b4565fb2dae4e18f x86_64/10.2/RPMS/lib64ethereal0-0.10.11-0.1.102mdk.x86_64.rpm
1e5af06f5eb143a956fd3a0ee88109e0 x86_64/10.2/RPMS/tethereal-0.10.11-0.1.102mdk.x86_64.rpm
0b13985c69b63df65775240b8991c07e x86_64/10.2/SRPMS/ethereal-0.10.11-0.1.102mdk.src.rpm
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>